Cisco Updates
1876Warning Date
Severity Level
Warning Number
Target Sector
19 August, 2021
● High
2021-3392
All
Description:
Cisco has released security updates to address several vulnerabilities in products under the following Cisco categories:
- QNX Software Development Platform (SDP) – 6.5.0SP1 and earlier
- QNX OS for Medical – 1.1 and earlier
- QNX OS for Safety – 1.0.1 and earlier
- Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers
- Server Name Identification (SNI)
- Cisco Firepower Threat Defense (FTD)
- Snort detection engine
- Cisco Secure Email and Web Manager
- Cisco Video Surveillance 7000 Series IP Cameras Link Layer Discovery Protocol
- Cisco Expressway Series and TelePresence Video Communication Server
Threats:
An attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS)
- Buffer Overflow
Best practice and Recommendations:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-spam-jPxUXMk
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipcamera-lldp-dos-OFP7j9j
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewver-c6WZPXRx
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewrce-QPynNCjh